On Friday, South Carolina’s Governor Nikki Haley announced that about 3.6 million taxpayers’ Social Security numbers and related taxpayer data were downloaded by an unknown outside hacker. The Governor reassured worried South Carolina residents that “the problem has been fixed”.
Unfortunately, that’s like locking the barn door after the horses have fled. For the 3.6 million SSN theft victims, it’s too late to fix it.
According to a Computerworld news article, “Another 387,000 credit and debit card numbers were also exposed in the September attack, the state Department of Revenue said in a statement Friday.”
It sounds like the Social Security numbers were stored in unencrypted form. (The I.T. department may have thought that the server and database systems’ authentication procedures provided sufficient security.) I’d guess that this could expose the state to liability for breach of fiduciary responsibility. South Carolina’s failure to encrypt these critical numbers is about as dumb as Yahoo’s recently exposed failure to encrypt users’ passwords.
Related article: Yahoo!’s password breach implications
Visit my website: http://russbellew.com
© Russ Bellew · Fort Lauderdale, Florida, USA · phone 954 873-4695